ArthasLiu-5969 asked

.NET Core 2.2 WS-Federation keeps redirecting during login

I'm building a web application with WsFederation authentication in .NET Core 2.2. The application is quite simple, and the goal is just to pass authentication and print out some strings. The strange part is that when I access the page, it redirects me to the Azure AD account login page and keeps logging in over and over, and I am not able to access the page. The wctx part of the URL changes every second. Please help me figure out the root cause, thanks.

https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/wsfed?wtrealm=api%3A%2F%2F62287581-857a-4631-8397-9f1fe62a614d&wa=wsignin1.0&wreply=https%3A%2F%2Flocalhost%3A8169&wctx=CfDJ8Jgh4I_bsxBAiaSMihZSDOW7meA5qm5eqIxCJeyY0wjDxc4rHKtGLUI-FJoXNj4jjhu9NNozNM18Ga5x7rDxucjeLQqTLhlRzI2z9fgJbrSSHt1Svtvi-nj0rsHet4Zof13i_q36BKkJMwb3SxXaC30Rtuxy28gfwvybTs3etQoGxzlOjpGdpi2cThcsZQchKjFa44SIhrCU3zg5vFCLdleUQfCZo65vv13-lbQ2_GHF

Here is my startup.cs

    using Microsoft.AspNetCore.Authentication.Cookies;
    using Microsoft.AspNetCore.Authentication.WsFederation;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.Extensions.DependencyInjection;

    public class Startup
    {
        public void ConfigureServices(IServiceCollection services)
        {
            // Cookies hold the local session; WS-Federation handles the challenge.
            services.AddAuthentication(sharedOptions =>
                {
                    sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                    sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                    sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
                })
                .AddWsFederation(options =>
                {
                    options.Wreply = "https://localhost:8169";
                    options.Wtrealm = "api://62287581-857a-4631-8397-9f1fe62a614d";
                    options.MetadataAddress = "https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/federationmetadata/2007-06/federationmetadata.xml";
                })
                .AddCookie();

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        }

        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();
            app.UseAuthentication();

            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }

And here is that simple page.

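    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc;

    // Every action requires an authenticated user.
    [Authorize]
    public class HomeController : Controller
    {
        public string Index()
        {
            return $"Home. User:{HttpContext.User.Identity.Name}";
        }

        public string Welcome()
        {
            return $"Welcome. User:{HttpContext.User.Identity.Name}";
        }
    }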

And here are the redirect URLs in the Azure AD application authentication settings.

https://localhost:8169/Home/Welcome

https://localhost:8169

https://localhost:8169/signin-wsfed




1 Answer

ArthasLiu-5969 answered

I found the root cause. Just add the code below to fix the issue.

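    // Goes inside Startup.ConfigureServices; SameSiteMode needs `using Microsoft.AspNetCore.Http;`
    services.Configure<CookiePolicyOptions>(options =>
    {
        // Ask for user consent before non-essential cookies are written.
        options.CheckConsentNeeded = context => true;
        // Let the cookie policy middleware leave SameSite=None cookies as they are.
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });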
